Item 1C. Cybersecurity.

 

Risk management and strategy

 

We have not formally developed and implemented a cybersecurity risk management program. However, we generally follow operating practices designed to help prevent cybersecurity risk to protect the confidentiality, integrity, and availability of the Company’s data and systems and any personal health information (“PHI”) that we maintain.

 

Our general operating procedures for cybersecurity risk management are incorporated into our overall enterprise risk management programs, and share common methodologies, reporting channels and governance processes, including the following:

 

●

General procedures designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment; and

 

●

An outsourced IT security team to assist with managing (1) our cybersecurity procedures, (2) our security controls, and (3) our response to cybersecurity interests.

 

As of the date of this filing, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We may face risks from cybersecurity threats that, if realized, are likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For additional information, see Part I, Item 1A: Risk Factors— Risks Relating to our Business: We are susceptible to cybersecurity breaches and cyber-related fraud.

 

Cybersecurity: Governance

 

Our executive team evaluates our cybersecurity risk and reports any findings, recommendations, or material impacts to the Board of Directors, which provides an oversight function. The Board of Directors has charged management with the responsibility for oversight of cybersecurity risks and incidents and any other risks and incidents relevant to the Company’s computerized information system controls and security.

 

Our Corporate Controller reviews the efficacy of our cybersecurity procedures from time to time as circumstances make it appropriate and annually in connection with the annual audit of the Company’s financial statements. Our Corporate Controller reports to our CEO and CFO on matters of cybersecurity, and together they carry responsibility for our overall cybersecurity risk management procedures. Our CEO and CFO provide prompt reports to the Board regarding cybersecurity risks and incidents as they are revealed, as well as periodic reports, as appropriate, regarding the Company’s cybersecurity activities.